Friday, February 21, 2014

Plaintiff (here VeriPic) and defendant both sell digital asset
management software to law enforcement.VeriPic and Foray both sell software that allows users to determine real
distances/heights etc. from a photo.Also, Foray’s software can validate whether a piece of digital evidence
has been manipulated or altered between the time it is entered into the system
and a later time when a user wishes to make use of that piece of digital
evidence. VeriPic’s software allows the user to validate not only whether
digital evidence has been altered since it was entered, but also whether the
digital evidence has been altered from the moment the picture was originally
taken.

The state and federal false advertising claims were judged
by the same standard, meaning that the analysis of the FAL and UCL claims used
the explicit/implicit falsity divide (as consumer FAL/UCL claims do not).First, the court rejected VeriPic’s survey,
since it looked at digital photo users
in law enforcement.However, most of the
respondents were unfamiliar with the relevant software programs, though they
used some form of photo evidence in their work.More importantly, they weren’t the relevant audience for the targeted ad
claims, which were made in response to requests for proposals, in direct
emails, and displays at trade shows. VeriPic didn’t show that photo users would
see those materials.So the survey wasn’t
shown to be reliable or relevant.

Thus, VeriPic had to make a claim for explicit falsity, a “rigorous”
standard requiring a statement to be “unambiguously false,” analyzed in its
full context.The fact that statements
were made to sophisticated consumers with background knowledge/expertise is
relevant here, as are industry standards.

VeriPic first challenged Foray’s claims that it could “authenticate”
digital evidence, arguing that authentication required assessing whether there’d
been any alterations since the photo was taken, not just since the photo was
entered into the software system.The
latter, VeriPic argued, was known as “integrity.”VeriPic relied on industry guidelines (known
as SWGIT guidelines).But those
guidelines showed that “authenticate” had different meanings dependent on
context.In some contexts, authentication
requires a human observation, and neither party can provide that.In other contexts, “authentication” means
being able to “discern if a questioned image is an accurate representation of
the original data by some defined criteria.” But this was closely related to the concept of
“integrity.”The SWGIT guidelines
therefore defined “Forensic Image Authentication” as a type or subset of
“integrity” process.Plus, Foray showed
that the digital asset management software industry uses the term
“authentication” when referring to the ability to ensure the “integrity” of
images. This included three other
competitors, as well as VeriPic’s own website FAQ.Though VeriPic claimed that its “true
authentication” was better than “acquisition authentication” (which was all
Foray could provide at the relevant time), it was still using the term “authentication,”
not “integrity.”

VeriPic’s only evidence of purchasers using the term in its
chosen manner was one RFP, which stated that “[b]y ‘Authentication’ we
specifically mean the examination of the photos at the time it is imported into
the system to look for signs that the photos were edited by photo editing
software PRIOR to import into the
system and PRIOR to acquisition of
the photo into the system.” But, the
court pointed out, this RFP found it necessary “to provide an express
definition of how it was using the term and to bold and capitalize the word ‘prior’
to make clear” its meaning, suggesting that it wasn’t using a common definition
of “authentication,” or at the very least that there’s some other definition of
the term that needed to be distinguished.Nor did VeriPic’s expert testimony support its proposed definition as
the only industry definition.Thus,
summary judgment was appropriate.

VeriPic challenged another statement: “While some vendors
may claim they are ASCLD or SWGIT compliant, no other digital evidence
management system vendor complies with the SWGIT workflow shown above. ONLY the
Foray ADAMS solution meets this requirement!”VeriPic argued that this workflow was one of four example workflows and
thus wasn’t a requirement, and that “only” was literally false because VeriPic
complied too.

As to “requirement,” the statement wasn’t literally false in
context.The example workflow at issue
was the only one that involved a digital asset management system; the
guidelines said that the examples weren’t exhaustive, though.Foray’s use of “requirement” was consistent
with the meaning that its software was one known way of complying with the standards.The OED defines “requirement” as “something
wanted or needed,” and Foray’s use of the word “merely conveys that its
software uses a series of steps known to be wanted or needed by the example
workflow—i.e, consistent with it, as it is written.”

As for the “only,” it was undisputed that the example
workflow contemplated making copies of the images whenever an image was viewed
or processed. VeriPic contends that making copies isn’t as good at protecting
the integrity of the evidence; instead VeriPic provides enhancement tools that
don’t make copies. While this might be a good idea, “VeriPic’s product cannot
be literally consistent with the workflow—rendering Foray’ statement
unambiguously false—where its product allows user to deviate from the steps
listed in that workflow.”Summary
judgment for Foray.

The court also rejected VeriPic’s copyright and
copyright-related claims.VeriPic
alleged that Foray obtained VeriPic’s software in 2008 and copied it.Foray’s employees testified that they
observed the use of VeriPic’s software, but never obtained a copy of the
software or the source code.VeriPic’s
evidence was a 2005 email from Lynn Slaughter, a Foray sales representative, to
other Foray employees. The email stated: “I will be getting a VeriPic DVD at
the CBD conference that I will send in to the office. (Our client will bring me
one ...).” This was insufficient to
create a genuine dispute of fact on access.VeriPic failed to provide any evidence that Slaughter did get a copy;
the only record evidence was Slaughter’s testimony to the contrary.

Plus, Foray provided evidence of independent creation in
2005, with a source code expert who reviewed the 2005 software and the current
version and found no changes to the parts of the code VeriPic claimed had been
copied.

The DMCA claim failed because there was, likewise, no
evidence of circumvention.So did the
contributory infringement/inducement claims.

As for VeriPic’s claim for inducement of breach of contract,
VeriPic argued that Foray intentionally encouraged and assisted VeriPic’s
customers to breach their end user licensing agreements by allowing Foray
employees access to and use of VeriPic’s copyrighted works. Two Foray employees said that VeriPic
customers allowed them to view VeriPic’s software while the customers were
using the program, but testified that they never directly used the software. “VeriPic
fails to explain how merely allowing a third party to view VeriPic’s software
while the customer is using it is a breach of the end user license agreements.”None of the cited provisions of the EULA
barred allowing a third party to view the software while it is in use.

VeriPic also cited the Slaughter email, but there was no
evidence she got the disc, and in any event there was no evidence that the
client mentioned in the email was a party to the EULA.

Creative Commons/disclaimer

Text on this blog is licensed under a Creative Commons Attribution 2.5 License. Pictures and works quoted may be subject to other parties' copyrights.
I speak for myself. On this blog, I do not and cannot speak for Georgetown Law, the Organization for Transformative Works and/or AO3.